SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.5

Threshold is medium

Effort is default

Summary

Classes | Bugs | Errors | Missing Classes
27 | 21 | 0 | 4

Files

Class | Bugs
org.apache.rat.apache_rat_plugin.HelpMojo | 1
org.apache.rat.mp.AbstractRatMojo | 5
org.apache.rat.mp.FilesReportable | 2
org.apache.rat.mp.RatCheckMojo | 3
org.apache.rat.mp.RatReportMojo | 6
org.apache.rat.mp.Regex | 2
org.apache.rat.mp.util.ScmIgnoreParser | 1
org.apache.rat.mp.util.ignore.IgnoringDirectoryScanner | 1

org.apache.rat.apache_rat_plugin.HelpMojo

Bug | Category | Details | Line | Priority
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium
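HelpMojo is the help goal that maven-plugin-plugin typically generates for a plugin; it parses the plugin's own descriptor with a default-configured DocumentBuilder, which is what the XXE_DOCUMENT finding points at. The descriptor ships inside the plugin jar, so reaching this parser with hostile XML already implies a tampered artifact, but the hardening costs nothing. The following is an added example, not code from Apache RAT or the generated HelpMojo: the flagged shape next to a factory that refuses DOCTYPE declarations outright, exercised with a constructed external-entity payload. It assumes the JDK's built-in Xerces parser, which supports all of the features set below.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public final class SafeXmlParsing {

    /** The pattern SpotBugs flags: a default-configured DocumentBuilder resolves DTDs and external entities. */
    static Document parseUnsafe(InputStream in) throws Exception {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(in);
    }

    /** Hardened: a plugin descriptor carries no DTD, so any DOCTYPE can be rejected outright. */
    static Document parseSafe(InputStream in) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Primary control: refusing any DOCTYPE blocks external entities and entity-expansion bombs alike.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, in case a different parser implementation ignores the feature above.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder().parse(in);
    }

    public static void main(String[] args) throws Exception {
        // Constructed payload (not a real descriptor): an external entity that would read /etc/passwd if resolved.
        String payload = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE plugin [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>\n"
            + "<plugin><description>&xxe;</description></plugin>";
        InputStream in = new ByteArrayInputStream(payload.getBytes(StandardCharsets.UTF_8));
        try {
            parseSafe(in);
            System.out.println("unexpected: payload parsed");
        } catch (SAXParseException e) {
            // The hardened factory fails the parse at the DOCTYPE, before any entity is resolved.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Feeding the same payload to parseUnsafe would resolve the entity and embed the file contents in the DOM, which is the behaviour the finding warns about; with the hardened factory the parse fails before the entity is ever looked at.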

org.apache.rat.mp.AbstractRatMojo

Bug | Category | Details | Line | Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 354 | Medium
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 624 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 659 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 484 | Medium
Redundant nullcheck of th, which is known to be non-null in org.apache.rat.mp.AbstractRatMojo.getPatternsFromFile(File, String) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 530 | Medium

org.apache.rat.mp.FilesReportable

Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.rat.mp.FilesReportable at new org.apache.rat.mp.FilesReportable(File, String[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 38 | Medium
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 51 | Medium

org.apache.rat.mp.RatCheckMojo

Bug | Category | Details | Line | Priority
Found reliance on default encoding in org.apache.rat.mp.RatCheckMojo.check(): java.io.ByteArrayOutputStream.toString() | I18N | DM_DEFAULT_ENCODING | 154 | High
This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 194 | Medium
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.mp.RatCheckMojo.getConfiguration() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 184 | Medium

org.apache.rat.mp.RatReportMojo

Bug | Category | Details | Line | Priority
Found reliance on default encoding in org.apache.rat.mp.RatReportMojo.executeReport(Locale): java.io.ByteArrayOutputStream.toString() | I18N | DM_DEFAULT_ENCODING | 412 | High
org.apache.rat.mp.RatReportMojo.getSink() may expose internal representation by returning RatReportMojo.sink | MALICIOUS_CODE | EI_EXPOSE_REP | 328 | Medium
org.apache.rat.mp.RatReportMojo.generate(Sink, SinkFactory, Locale) may expose internal representation by storing an externally mutable object into RatReportMojo.sink | MALICIOUS_CODE | EI_EXPOSE_REP2 | 258 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 141 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 278 | Medium
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.mp.RatReportMojo.execute() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 162 | Medium
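The two DM_DEFAULT_ENCODING findings (RatCheckMojo.check() and RatReportMojo.executeReport(Locale)) and the two ignored mkdirs() results (RatCheckMojo.getConfiguration() and RatReportMojo.execute()) are the same two mistakes in two mojos: a ByteArrayOutputStream is turned back into text with the platform default charset, and a directory-creation failure is dropped on the floor. The following is an added example, not Apache RAT code: each flagged shape beside its fix, driven by a constructed report line that contains a non-ASCII character, as a licence header easily can. Class and method names are invented for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.nio.charset.StandardCharsets;

public final class ReportOutput {

    /** Flagged pattern: toString() without a charset decodes with the platform default. */
    static String renderDefaultCharset(ByteArrayOutputStream buf) {
        return buf.toString();
    }

    /** Fix: name the charset on the reading side, matching whatever wrote into the buffer. */
    static String renderUtf8(ByteArrayOutputStream buf) {
        return new String(buf.toByteArray(), StandardCharsets.UTF_8);
    }

    /** Flagged pattern: a false return from mkdirs() is silently discarded. */
    static File ensureDirUnchecked(File dir) {
        dir.mkdirs();
        return dir;
    }

    /** Fix: mkdirs() returns false both on failure and when the path already exists, so re-check. */
    static File ensureDir(File dir) throws IOException {
        if (!dir.mkdirs() && !dir.isDirectory()) {
            // Covers a regular file squatting on the name and permission or disk errors alike.
            throw new IOException("could not create directory " + dir);
        }
        return dir;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: one report line written as UTF-8, as the report writer is assumed to do.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (PrintStream out = new PrintStream(buf, true, "UTF-8")) {
            out.println("Copyright © Example Org");
        }
        System.out.println("default charset: " + renderDefaultCharset(buf));
        System.out.println("utf-8:           " + renderUtf8(buf));
        // On a JVM whose file.encoding is not UTF-8 (for example -Dfile.encoding=ISO-8859-1 before JDK 18,
        // where UTF-8 became the default) the first line shows "Â©" where the second shows "©".

        File reportDir = ensureDir(new File(System.getProperty("java.io.tmpdir"), "rat-report-example"));
        System.out.println("report directory ready: " + reportDir);
    }
}
```

The encoding bug is rated High by SpotBugs because it is environment-dependent: the build passes on the developer's UTF-8 machine and produces mojibake on a CI agent with a different default.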

org.apache.rat.mp.Regex

Bug | Category | Details | Line | Priority
Format string should use %n rather than \n in org.apache.rat.mp.Regex.set(String) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 33 | Medium
Format string should use %n rather than \n in org.apache.rat.mp.Regex.setExpr(String) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 29 | Medium

org.apache.rat.mp.util.ScmIgnoreParser

Bug | Category | Details | Line | Priority
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 61 | Medium
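Eight of the 21 findings are PATH_TRAVERSAL_IN, spread over AbstractRatMojo, FilesReportable, RatCheckMojo, RatReportMojo and ScmIgnoreParser. The detector is taint-based: it flags every File or Paths.get sink whose path is not a compile-time constant, and in a Maven plugin those values come from the POM and the command line, so whoever supplies them already runs the build. The findings therefore mark unchecked sinks rather than proven escapes, but a containment check is the standard way to close them and to make the intended directory explicit. The following is an added example, not Apache RAT code, covering all eight findings at once: the flagged shape beside a resolver that canonicalises the base directory, normalises ".." segments and rejects anything that lands outside the base, run over constructed inputs standing in for values a POM could supply.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public final class ContainedPath {

    /** The shape SpotBugs flags: whatever string the configuration supplies becomes the File. */
    static File resolveUnchecked(File baseDir, String configuredPath) {
        return new File(baseDir, configuredPath);
    }

    /**
     * Resolve configuredPath against baseDir and reject anything that, once symlinks in the
     * base are resolved and ".." segments are normalised, lies outside baseDir. An absolute
     * configuredPath resolves to itself and is therefore rejected as well.
     */
    static Path resolveContained(Path baseDir, String configuredPath) throws IOException {
        Path base = baseDir.toRealPath();                       // canonical base, symlinks resolved
        Path candidate = base.resolve(configuredPath).normalize(); // collapses "." and ".." without touching disk
        // Path.startsWith compares whole components, so /tmp/base does not match /tmp/base-other.
        if (!candidate.startsWith(base)) {
            throw new IOException("configured path escapes " + base + ": " + configuredPath);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("rat-base");
        // Constructed inputs: two that stay inside the base directory and two that try to leave it.
        String[] inputs = { "src/main/java", "sub/../sub/LICENSE", "../../etc/passwd", "/etc/passwd" };
        for (String in : inputs) {
            try {
                System.out.println("accepted: " + in + " -> " + resolveContained(base, in));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The check canonicalises only the base, so a symlink inside the base that points elsewhere is not caught; where the candidate already exists, call toRealPath() on it as well before the startsWith test. A plugin that legitimately needs to read outside the project (for example a shared licence file referenced by absolute path) should make that an explicit, separately documented parameter rather than silently accepting any string.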

org.apache.rat.mp.util.ignore.IgnoringDirectoryScanner

Bug | Category | Details | Line | Priority
Suspicious comparison of Boolean references in org.apache.rat.mp.util.ignore.IgnoringDirectoryScanner.matchesAnIgnoreMatcher(String) | BAD_PRACTICE | RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN | 44 | Medium